The hackers are ready. Are we?
Shopt IT 2015 - 30 April
Kurt Callewaert
HOWEST UNIVERSITY of APPLIED SCIENCES
Lecturer Applied Computer Science - Computer & Cyber Crime Professional
Research manager
ISACA Academic Advocate for Howest University College
Member of the Belgian Cyber Security Coalition
11/05/2015 SHOPT IT 2015 1
751.000
Notifications of infected computers in Belgium
(until June 2014)
[Figure: Number of infected computers in Belgium, by period: 2010, 2011, 2012, 2013, Q1-Q2 2014]
Number of incidents and notifications at CERT.be
[Figure: series "Notifications at CERT.be / month" and "Incidents at CERT.be / month"; values shown: 116, 614, x 5,29]
Kurt Callewaert
• Lecturer Applied Computer Science
* Maths, Problem solving
* Cryptography
* Cybersecurity Management
* IT Governance Cobit 5
* Risk management / assessment
• Research manager
* Research projects
* Internships / Bachelor Proofs
* Challenges, study tours, IT fairs, …
• Member of the Belgian Cyber Security Coalition
• https://be.linkedin.com/in/kurtcallewaert
Education Landscape for Cybersecurity
Education in IT and Computer Sciences
Education in Information Security and Cybersecurity related domains
Specific courses within other education programs
Check www.b-ccentre.be/education
Following pages list inventoried options
Academic education in Information Security, Cybersecurity and related studies
Inventoried education offering:
• Computer & Cyber Crime Professional (Bachelor), HOWEST University of Applied Sciences (Bruges)
• Executive Master of IT Governance And Assurance, Antwerp Management School
• Advanced Master of Intellectual Property Rights And ICT Law, KU Leuven
• Executive Programme in Security Governance, Solvay Brussels School Of Economics And Management
• Executive Programme in Cybersecurity, Solvay Brussels School Of Economics And Management
• Executive Programme in Information Security, Solvay Brussels School Of Economics And Management
• Executive Master in Information Risk And Cybersecurity, Solvay Brussels School Of Economics And Management
Education in Information Security and Cybersecurity related domains
COMPUTER & CYBER CRIME PROFESSIONAL
HOWEST University of Applied Sciences in Bruges
www.howest.be
• Unique training from the age of 17 / 18 years
• Level: Professional Bachelor Applied Computer Science – 3 years
• Technical skills:
Web pentesting, Network & system pentesting, Forensic analysis, Social engineering, Cryptography, Biometrics, …
• Non-technical skills:
IT Governance, Information security management, Risk management, Risk assessment, Privacy rules, IT jurisdiction, Cyber crimes, Mobile security management, Cybersecurity, …
• Frameworks:
COBIT 5, ISO 27001/2, NIST CSF, PTES, ITIL v3, OWASP, SANS, …
• Certificates:
CEH, Cisco CCNA, VMware, CSX (Cyber Security neXus)
Ready for CISSP and CISM
• Secure development:
Python, C, C#, PHP, Java, JavaScript, ASP.NET
Computer & Cyber Crime Professional track, HOWEST - Applied Computer Science
Web Security I S2
Web pentesting Parcifal Aertssen NL 2
Data mining techniques S3
Legislation on privacy and databases, and IT law Marc Vael NL 3
Web Security II S3
Web security and honeypot Parcifal Aertssen NL 3
Software development and security S4
C and Python Jonas Maes NL 3
Computer crime S4
Computer crime Guy Verbeeren NL 3
Projects III S4
Security project in collaboration with a company or organisation S5 Kurt Callewaert NL 6
Security technology II S5
VMware, cloud computing and security Tijl Deneut ENG 3
Linux Server security Jonas Maes ENG 3
Forensic ICT and CCNA Security S5
Forensic ICT tools Tijl Deneut ENG 2
CCNA Security Christiaan Ledoux ENG 2
Security algorithms and software S5
Security algorithms - cryptography Kurt Callewaert ENG 3
Network and system pentesting Tijl Deneut ENG 3
Security policy S5
IT Governance Kurt Callewaert ENG 2
Security policy, threat and risk assessment Kurt Callewaert ENG 2
Web Security IV S5
Guest speakers from the security field on topics not covered in the lessons, e.g. SCADA Tijl Deneut ENG 3
Challenges, seminars and company visits S6 Kurt Callewaert ENG/NL
Participation in Brucon, Infosecurity, hacking challenges, Fosdem 3
Visit to NATO and Europol
Bachelor thesis and internship S6 Kurt Callewaert ENG/NL
Security internship at a bank, company or public institution, 27
73
Roadmap security audit (security project)
1. Introduction
1.1. Duration of the audit
1.2. Conditions of the audit
1.3. Technical/Organisational
1.4. Non-Disclosure Agreement
1.5. Penetration Test
2. Process flow and phases
2.1. Reconnaissance phase
2.2. Information Gathering
2.3. Information Analysis
2.4. Penetration test
2.4.1. Network penetration phase
2.4.2. Application Penetration test
2.4.3. Social Engineering
2.4.4. Audits
2.5. Conclusion
3. Roadmap diagram
4. Reporting
4.1 SANS Five Quick Wins
5. Appendices